Public cloud in Fintech: With serious benefits come serious security risks

Share on facebook
Share on twitter
Share on linkedin
Share on email

In 2019, at the Bloomberg “Women in Fintech platform” event, there was some great discussion on the growth trajectory of the fintech industry.

Initially, the expert panel agreed that public clouds and fintech startups are a match made in heaven. One of the experts, a member of Amazon’s Fintech startup development team, Kathryn Van Nuys, made an excellent point:

“The cloud has significantly lowered the barrier to entry for startups as they can launch and scale products, instantly paying for IT as they consume it, as opposed to needing to make a significant upfront investment in servers and infrastructure.

Many industry leaders share the same point of view. 55% of them are already using multiple public clouds, the 2020 IDG cloud computing study revealed. Even a good number of companies have dedicated ~30% of their IT budget to this purpose. Expecting exponential growth in public cloud adoption is only logical. 

However, despite its advantages, a public cloud isn’t all sunshine and rainbows.

First, there is a knowledge gap. Many companies struggle to understand how to secure data, stick to Fintech compliance guidelines, and hold it accountable for a breach. New policies and online threats add more to this confusion. 

Second, public clouds are not impregnable. There are enough horror stories of massive data breaches that led to the demise of otherwise successful companies.

As a Fintech leader, if you are worried about public cloud security or just hesitant to “go cloud,” this article will answer your questions.

Public cloud and Fintech: Not such a ‘match made in heaven

Despite all the good reputation, public clouds enjoy from the Fintech community, underlying concerns exist.

In a Cybersecurity survey, 52 % of respondents expressed that the chances of security breaches are higher in public clouds. And their concern is valid. Even some of the biggest brands could not protect themselves from hackers.

>500k

Zoom accounts were breached and their data was sold on the dark web, in April 2020. As per sources, hackers used previously leaked accounts to invade and compromise Zoom databases.

100 million

accounts of Mobikwik, a leading Indian Fintech platform, were attacked in March 2021. User data was available for sale on the dark web.

7.5 million

banking users of Dave, the US Fintech giant, were attacked in July 2020. User data was available for sale on the dark web.

These are some well-known examples. There were many more disasters we know nothing about that killed companies and put users at risk.

Spotting the Achilles’ heel: Vulnerabilities of cloud security

Public cloud infrastructure always comes with built-in cloud security. However, human error, lack of visibility, and the very nature of the cloud tech model expose some significant weak spots, such as:

Misconfiguration

Public infrastructures are designed for easy data sharing and scalability. This accessible data sharing feature opens up some potential risks. Usually, you can solve this with a suitable configuration. However, 55% of companies aren’t very familiar with cloud security configurations. Hackers can use these security loopholes to stage their attacks.

Unauthorized access

When your data is on the cloud, you lose visibility to some extent. Of course, cloud service providers do their best to ensure security, but there is a chance someone from their team used a weak login password or didn’t pay attention. If attackers find the access, they can easily bypass security walls and steal your data.

APIs

CSPs often offer APIs to their customers. The latest studies show two-thirds of enterprises give access to these APIs to external developers and business partners. If there are some vulnerabilities, potential hackers use those to wreak havoc. According to Gartner, APIs will be targeted more frequently by 2022.